
Russenger Ransomware

Posted: February 21, 2018

The Russenger Ransomware is a file-locking Trojan that uses encryption to keep your files, such as documents, pictures, or archives, from opening. Its campaign disguises the executable as accounting software and may attempt installation via file-sharing networks or free software websites. Have your anti-malware programs delete the Russenger Ransomware as soon as they can to keep data loss to a minimum, and use your backups to recover any locked files.

The Messenger with a Ransom for You

Russia-targeting Trojans are becoming a daily part of the file-locking Trojan industry, although most of these threats appear to attack random residents instead of the networks of corporate, government or NGO entities. The Russenger Ransomware is another example of a Trojan using ransom messages specific to that nation, although the linguistic errors in them suggest that its developers may be of a different nationality. The Trojan's name comes from the 'Messenger' data found inside its file, although it doesn't pretend to be an instant messaging program of any kind.

Rather than being an 'IM' utility, the Russenger Ransomware poses as a product of the 1C Company, an entity noted for its video game and business productivity software. The program's main installer is a Windows executable of just over one megabyte, which makes it slightly larger than most file-locking Trojans of note to malware analysts. Some symptoms of a Russenger Ransomware infection include:

  • The Russenger Ransomware blocks different formats of media by using a not-yet-identified encryption method, such as AES-256 or RSA. It appends '.messenger-%random%' extensions to their names (where 'random' is a randomized set of alphanumeric characters that changes from name to name).
  • The Trojan also delivers a static text message asking the user to contact the threat actor's e-mail address and pay to unlock the above files. The Russian-language note includes some relatively obvious grammar issues and may be a byproduct of an automated translator.
  • Most of the Russenger Ransomware's payload is non-configurable, and malware researchers speculate that its admins are generating new executable variants of the Trojan for each series of attacks against any individual entity. This characteristic sets the Russenger Ransomware apart from most kinds of file-locking threats that include capabilities for generating details like the ID number of the 'customer' dynamically.
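For triage, the '.messenger-%random%' naming symptom above can be checked across a directory tree. The following is an added example, not code from the original article or from any vendor tool; it assumes the random part is one or more ASCII letters or digits (the article gives no length), and the file names in `demo()` are constructed samples.

```python
import os
import re
import tempfile
from collections import defaultdict

# Pattern from the article: original name + '.messenger-%random%'.
# Assumption: %random% is 1+ ASCII letters/digits; the article states no length.
LOCKED_RE = re.compile(r"^(?P<original>.+)\.messenger-(?P<tag>[A-Za-z0-9]+)$",
                       re.IGNORECASE)

def parse_locked_name(filename):
    """Return (original_name, random_tag) if the name matches, else None."""
    m = LOCKED_RE.match(filename)
    return (m.group("original"), m.group("tag")) if m else None

def triage(root):
    """Walk root and summarise matching files per directory.

    earliest_mtime gives a rough lower bound on when renaming began there.
    """
    report = defaultdict(lambda: {"count": 0, "earliest_mtime": None, "originals": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_locked_name(name)
            if parsed is None:
                continue
            entry = report[dirpath]
            entry["count"] += 1
            entry["originals"].append(parsed[0])
            mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            if entry["earliest_mtime"] is None or mtime < entry["earliest_mtime"]:
                entry["earliest_mtime"] = mtime
    return dict(report)

def demo():
    """Build a constructed sample tree and run the triage over it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        # Constructed names: two match, two must not (no '.messenger-' suffix).
        for name in ("budget.xlsx.messenger-a9Xk2", "photo.jpg.messenger-Q7r",
                     "notes.txt", "messenger-setup.exe"):
            open(os.path.join(docs, name), "w").close()
        return {os.path.relpath(d, root): (v["count"], sorted(v["originals"]))
                for d, v in triage(root).items()}

if __name__ == "__main__":
    print(demo())
```

The recovered original names can be compared against a backup inventory to decide which files need restoring.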

Sending Bad Messengers out the Door with Nothing

According to the information associated with its last samples, the Russenger Ransomware is likely circulating through the infection vectors most often noted for abetting the installation of fake or mislabeled software. Victims may compromise their PCs by installing 'accounting programs' from freeware sites, pirated content-promoting domains, or any file-sharing networks with few security standards, such as torrents. Once it launches, the Russenger Ransomware can lock your files without needing any further permission from any user.

Malware researchers are still determining the potential decryption solutions for the Russenger Ransomware, which may or may not leave you with any recoverable media. File-locking attacks are always best prevented beforehand, although users can keep backups to lower the chance of permanent data loss. Since fewer than a dozen brands of professional anti-malware products are detecting this threat, emphasis should be placed on updating your PC's security software to help it delete the Russenger Ransomware with as much accuracy as possible.

Russia's heritage within the threat industry is a unique one, but not one that grants it immunity from attacks by threat actors who reside elsewhere. Considering the average cost of a Trojan campaign's ransom, the price of the Russenger Ransomware's 'free' software is higher than one would hope.
